<?php
	
	require '../include/acaunt.inc.php';
	
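	// A visitor who already has a user id in the session is sent to the index
	// page instead of being shown the login form. empty() has the same
	// truthiness as the bare read but also covers a missing key, so a fresh
	// session does not raise an undefined-index notice.
	// NOTE(review): whether redirect() ends the request is not visible here;
	// if it only sends a header, the rest of this page still runs. Confirm.
	if (!empty($_SESSION['USER_SID'])) {
		redirect("index.php");
	}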
	
	// Make sure every request field read further down exists, so later reads
	// of $_POST[...] always find the key even on a plain GET of this page.
	foreach (array('is_submitted', 'email', 'password') as $field) {
		if (!isset($_POST[$field])) {
			$_POST[$field] = '';
		}
	}
	unset($field);

	// Start with an empty message unless one is already set.
	$error_message = isset($error_message) ? $error_message : '';
	
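	// Handle a submitted login form: validate the two fields, look the account
	// up and, on success, populate the session and redirect by access level.
	// NOTE(review): no attempt throttling or lockout is visible on this page.
	if ($_POST['is_submitted']) {
		$error_message = '';
		
		// Both fields are required. The escaped values are written back into
		// $_POST, which later code on this page reads again.
		if (!$_POST['email']) $error_message .= 'Не е въведен E-mail адрес<br/>';
		else $_POST['email'] = escape($_POST['email']);
		if (!$_POST['password']) $error_message .= 'Не е въведена парола<br/>';
		else $_POST['password'] = escape($_POST['password']);
	
		if (!$error_message) {
			// The statement is built by concatenation, so its safety rests
			// entirely on escape(), whose implementation is not visible here.
			// NOTE(review): the e-mail is passed through escape() a second
			// time below; depending on what escape() does this may over-escape
			// addresses containing quotes or backslashes. Confirm.
			// NOTE(review): the password is compared as an unsalted md5() of
			// the already-escaped input. That is weak credential storage;
			// moving to password_hash()/password_verify() needs a migration of
			// the stored h_password values, so it is flagged rather than
			// changed here.
			$sql = "SELECT
						user_id,
						full_name,
						accsess,
						published
					   FROM
						 users
					   WHERE
						 email = \"".escape($_POST['email'])."\"
					   AND
						 h_password = \"".md5($_POST['password'])."\"
					";
			
			$result = query($sql);
			if ($row = mysql_fetch_object($result)) {
				if($row->published)
				{
					// Issue a fresh session id before storing the identity, so
					// an id that was fixed before login cannot be reused for
					// the authenticated session.
					if (session_id() !== '') {
						session_regenerate_id(true);
					}
					
					$_SESSION['isLoggedIn'] = true;
					$_SESSION['USER_SID'] = $row->user_id;
					$_SESSION['USERNAME'] = $row->full_name;
					$_SESSION['ACCESS_SID'] = $row->accsess;
					
					# Used to check the validity of the session
					# NOTE(review): the "salt" is derived only from the current
					# month name, so this value is computable from user_id alone
					# and changes when the month changes. It should not be
					# relied on as a secret; verify how it is checked elsewhere.
					$salt = substr(md5(date("F")), 8);
					$_SESSION['LOGGEDIN'] = md5($row->user_id.$salt);
				
					// Landing page by access level: 1 -> dashboard, 2 -> law,
					// above 2 -> admin base. Any other value falls through and
					// the login page is rendered with the session populated.
					if ($_SESSION['ACCESS_SID'] == 1) {
						
						redirect(HTML_BASE.$_SESSION["lang"]."/dashboard/");
						
					} elseif ($_SESSION['ACCESS_SID'] == 2) {
						
						redirect(HTML_BASE.$_SESSION["lang"]."/law/");
						
					} elseif ($_SESSION['ACCESS_SID'] > 2) {
						
						redirect(HTML_BASE_ADMIN);
						
					}
					
				}else{
					// Credentials matched but the account is not published.
					$error_message = 'Акаунтът е временно недостъпен!';
				}
				
			} else {
				// No row matched the e-mail / password hash pair.
				$error_message = 'Грешно потребителско име или парола!';
			}
		}
	}
	head('Login');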

?>
		
		
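	<?php
	/*
	 * Login form template.
	 *
	 * Request and session values are HTML-escaped before they are written into
	 * attributes, so a crafted e-mail value cannot break out of the value=""
	 * attribute. The submitted password is never written back into the page.
	 *
	 * $error_message is printed without escaping because the messages built on
	 * this page are fixed strings that contain <br/> markup.
	 * NOTE(review): it is only initialised when not already set, so confirm
	 * that nothing request-controlled can reach it before this point.
	 * NOTE(review): escaping assumes the page is served as UTF-8; confirm.
	 */
	if ($error_message) { ?>
	<div class="message red">
		<?=$error_message?>
	</div>
	<?php } ?>
		
	<div id="loginform">
			
			<h3>Вход</h3><br><br>
            <div class="login-form">
            <form action="<?=htmlspecialchars(HTML_BASE.$_SESSION["lang"].'/login/', ENT_QUOTES, 'UTF-8')?>" method="post" enctype="multipart/form-data">
            <input type="hidden" name="is_submitted" value="1" />
			
            <label for="email" class="required">E-mail</label><br>
            <input class="inputbox" name="email" type="text" value="<?=is_string($_POST['email']) ? htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8') : ''?>" ><br><br>
			
			<label for="password" class="required">Парола</label><br>
            <input class="inputbox" name="password" type="password" value="" ><br><br>
			
            <input class="button" type="submit" name="submit" id="submit" value="вход">
			
			</form>
		</div>	
	</div>
    

<?php
// Close the page layout opened by head().
foot();
?>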